Patents by Inventor Jonathan Kozolchyk

Jonathan Kozolchyk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20180278621
    Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
    Type: Application
    Filed: May 25, 2018
    Publication date: September 27, 2018
    Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
  • Publication number: 20180262347
    Abstract: A computer system associated with a certificate authority receives a request to obtain information that can be used to determine a validity status of a digital certificate. In response to the request, the computer system provides the information and updates usage information for the digital certificate to incorporate information obtained from the request. The usage information may be generated based at least in part on previous requests to obtain the information. Based at least in part on the usage information, the computer system will perform at least one operation associated with the digital certificate.
    Type: Application
    Filed: March 8, 2017
    Publication date: September 13, 2018
    Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Jonathan Kozolchyk, Nicholas Wexler
  • Publication number: 20180262346
    Abstract: A certificate authority receives a request to issue a digital certificate from a customer. In response to the request, the certificate authority determines a network endpoint to be specific to the digital certificate that is to serve information usable to determine whether the digital certificate is valid. The certificate authority issues, to the customer, a digital certificate that specifies a network address for the network endpoint and records information about requests made to the network endpoint to obtain the information usable to determine whether the digital certificate is valid.
    Type: Application
    Filed: March 8, 2017
    Publication date: September 13, 2018
    Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Jonathan Kozolchyk, Nicholas Wexler
  • Patent number: 10020942
    Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.
    Type: Grant
    Filed: August 3, 2017
    Date of Patent: July 10, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
  • Publication number: 20180167220
    Abstract: In a distributed system, a computer system responsible, at least in part, for complying with a cryptographic key usage limit for a cryptographic key, obtains results of cryptographic operations generated based at least in part on the cryptographic key and transmits the obtained results over a network. The computer system digitally signs the results and provides the results with digital signatures of the results. Another device intercepts the results and allows the results to proceed to their destination contingent on successful validation of the digital signature.
    Type: Application
    Filed: January 26, 2018
    Publication date: June 14, 2018
    Inventors: Marcel Andrew Levy, Darren Ernest Canavor, Zachary Ganwise Fewtrell, Andrew Alphus Kimbrough, Jonathan Kozolchyk, Darin Keith McAdams, Pradeep Ramarao, Gregory Branchek Roth
  • Patent number: 9985974
    Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: May 29, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
  • Patent number: 9882720
    Abstract: In a distributed system, a computer system responsible, at least in part, for complying with a cryptographic key usage limit for a cryptographic key, obtains results of cryptographic operations generated based at least in part on the cryptographic key and transmits the obtained results over a network. The computer system digitally signs the results and provides the results with digital signatures of the results. Another device intercepts the results and allows the results to proceed to their destination contingent on successful validation of the digital signature.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: January 30, 2018
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Marcel Andrew Levy, Darren Ernest Canavor, Zachary Ganwise Fewtrell, Andrew Alphus Kimbrough, Jonathan Kozolchyk, Darin Keith McAdams, Pradeep Ramarao, Gregory Branchek Roth
  • Patent number: 9853811
    Abstract: Nodes in a distributed system utilize the same cryptographic key, where the cryptographic key is subject to a usage limit. The usage limit is allowed to be temporarily exceeded. When the usage limit is exceeded, results of exceeding the usage limit are corrected to mitigate the effects of exceeding the usage limit.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: December 26, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Marcel Andrew Levy, Darren Ernest Canavor, Zachary Ganwise Fewtrell, Andrew Alphus Kimbrough, Jonathan Kozolchyk, Darin Keith McAdams, Pradeep Ramarao, Gregory Branchek Roth
  • Publication number: 20170331629
    Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.
    Type: Application
    Filed: August 3, 2017
    Publication date: November 16, 2017
    Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
  • Publication number: 20170272441
    Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.
    Type: Application
    Filed: June 2, 2017
    Publication date: September 21, 2017
    Inventors: Jon Arron McClintock, Darren Ernest Canavor, Daniel Wade Hitchcock, Jonathan Kozolchyk
  • Patent number: 9756023
    Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: September 5, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
  • Publication number: 20170180389
    Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
    Type: Application
    Filed: March 9, 2017
    Publication date: June 22, 2017
    Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J. Fielding, Vaibhav Mallya, Darren E. Canavor
  • Patent number: 9674194
    Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: June 6, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Jon Arron McClintock, Darren Ernest Canavor, Daniel Wade Hitchcock, Jonathan Kozolchyk
  • Patent number: 9596244
    Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
    Type: Grant
    Filed: June 16, 2011
    Date of Patent: March 14, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Jonathan Kozolchyk, Darin Keith McAdams, Jeffrey J Fielding, Vaibhav Mallya, Darren E. Canavor
  • Publication number: 20160352695
    Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.
    Type: Application
    Filed: August 12, 2016
    Publication date: December 1, 2016
    Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
  • Patent number: 9419841
    Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.
    Type: Grant
    Filed: June 29, 2011
    Date of Patent: August 16, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
  • Patent number: 9250088
    Abstract: Disclosed are various embodiments for discovery of public points of interest. Data identifying points of interest is obtained. Each point of interest is associated with a respective user and specifies a respective name and a respective geographic location. A public point of interest is determined based at least in part on a similarity of the respective names of a subset of the points of interest, a proximity of the respective geographic locations of the subset of the points of interest, and a number of different users associated with the subset of the points of interest.
    Type: Grant
    Filed: October 2, 2013
    Date of Patent: February 2, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Jonathan Kozolchyk, Darren E. Canavor, Blake P. Hess, Jeffrey J. Fielding
  • Patent number: 8625757
    Abstract: A monitoring service may receive, from a plurality of service providers, log information pertaining to access calls made by service consumers to services or APIs provided by the service providers. The monitoring service aggregates and analyzes the log information for use in monitoring performance of the services, identifying anomalies, and the like. In some instances, the monitoring service may identify multiple services that are behaviorally interrelated based on at least one performance metric, and may group these services together into service groups for monitoring purposes. A service relationship model may be generated for each of the service groups that predicts how each service will behave relative to the other services in the service group. The monitoring service may monitor performance and use of the services based, at least in part, on the one or more service groups and the service relationship model for each group.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: January 7, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Alexandre Karpov, Darin Keith McAdams, Jonathan Kozolchyk, Peter S Ding, Jeffrey J Fielding
  • Patent number: 8566014
    Abstract: Disclosed are various embodiments for discovery of public points of interest. Data identifying points of interest is obtained. Each point of interest is associated with a respective user and specifies a respective name and a respective geographic location. A public point of interest is determined based at least in part on a similarity of the respective names of a subset of the points of interest, a proximity of the respective geographic locations of the subset of the points of interest, and a number of different users associated with the subset of the points of interest.
    Type: Grant
    Filed: May 17, 2012
    Date of Patent: October 22, 2013
    Assignee: Amazon Technologies, Inc.
    Inventors: Jonathan Kozolchyk, Darren E. Canavor, Blake P. Hess, Jeffrey J. Fielding